We have our API behind the AWS HTTP API gateway with a custom Lambda authorizer. Our JWT token contains an expiration time and base on that we have to return 401 when it is